Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency systeminformation to version 4.31.1 馃専 #14715

Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 23, 2021

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
systeminformation (source) 4.27.11 -> 4.31.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-26245

Impact

command injection vulnerability by prototype pollution

Patches

Problem was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. Please upgrade to version >= 4.30.2

Workarounds

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite()

For more information

If you have any questions or comments about this advisory:

CVE-2020-26274

Impact

command injection vulnerability

Patches

Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.31.1

Workarounds

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency()

For more information

If you have any questions or comments about this advisory:


Release Notes

sebhildebrandt/systeminformation

v4.31.1

Compare Source

v4.31.0

Compare Source

v4.30.11

Compare Source

v4.30.10

Compare Source

v4.30.9

Compare Source

v4.30.8

Compare Source

v4.30.7

Compare Source

v4.30.6

Compare Source

v4.30.5

Compare Source

v4.30.4

Compare Source

v4.30.3

Compare Source

v4.30.2

Compare Source

v4.30.1

Compare Source

v4.30.0

Compare Source

v4.29.3

Compare Source

v4.29.2

Compare Source

v4.29.1

Compare Source

v4.29.0

Compare Source

v4.28.1

Compare Source

v4.28.0

Compare Source


Renovate configuration

馃搮 Schedule: "" in timezone America/New_York.

馃殾 Automerge: Disabled by config. Please merge this manually once you are satisfied.

鈾伙笍 Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

馃敃 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added renovate Triggered by renovatebot type: dependencies labels Jan 23, 2021
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Jan 23, 2021

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

Copy link
Member

@jennifer-shehane jennifer-shehane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine. Changes in this update below:

Version Date Comment
4.31.1 2020-12-11 inetLatency()聽command injection vulnaribility fix
-- -- --
4.31.0 2020-12-06 osInfo()聽added FQDN
4.30.11 2020-12-02 cpu()聽bug fix speed parsing
4.30.10 2020-12-01 cpu()聽handled speed parsing error (Apple Silicon)
4.30.9 2020-12-01 cpu()聽corrected processor names (Raspberry Pi)
4.30.8 2020-11-30 fsSize()聽catch error (mac OS)
4.30.7 2020-11-29 cpuTemperature()聽rewrite hwmon parsing
4.30.6 2020-11-27 wmic added default windows path (windows)
4.30.5 2020-11-26 adapted security update (prototype pollution prevention)
4.30.4 2020-11-25 reverted Object.freeze because it broke some projects
4.30.3 2020-11-25 security update (prototype pollution prevention) Object.freeze
4.30.2 2020-11-25 security update (prototype pollution prevention)
4.30.1 2020-11-12 updated docs
4.30.0 2020-11-12 get()聽possibility to provide params
4.29.3 2020-11-09 blockdevices()聽catch errors adapted for just one line
4.29.2 2020-11-09 blockdevices()聽catch errors
4.29.1 2020-11-08 cpu(),聽system()聽better parsing Raspberry Pi revision codes
4.29.0 2020-11-08 fsSize()聽correct fs type detection macOS (HFS, APFS, NFS)
4.28.1 2020-11-05 code cleanup, removing debug console.log()
4.28.0 2020-11-04 graphics()聽added deviceName (windows)

@jennifer-shehane jennifer-shehane merged commit f0078b9 into develop Jan 25, 2021
63 checks passed
@renovate renovate bot deleted the renovate/npm-systeminformation-vulnerability branch January 25, 2021 09:46
pashidlos pushed a commit to pashidlos/cypress that referenced this pull request Jan 30, 2021
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Feb 1, 2021

Released in 6.4.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v6.4.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Feb 1, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
renovate Triggered by renovatebot type: dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants